Les Mikesell: >> How do you prevent re-use without keeping plain text or reversibly >> encrypted copies of the old ones laying around waiting to be >> stolen? Mikkel L. Ellertson: > You keep copies of the old encrypted passwords around, and compare > the new one to them. If they match, reject the password. After all, > you do that to the current one every time someone tries to log in. I don't think that'd work if each time the system encrypts the same password, the encrypted version is a new hash. -- (Currently running FC4, occasionally trying FC5.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
